COmanage terms and definitions



COmanage Registry

An Identity Management System (IdMS) designed for collaborative organizations.

COmanage component

A part of the COmanage toolset, one that will be available for use but not necessarily implemented by the COmanage platform. Group management tools such as Grouper may be a component within the COmanage platform.

COmanage platform 

A CMP based on the COmanage data model and the COmanage Reference Architecture.

COmanage Service Instance

A COmanage instance run externally to a CO. Currently in planning stages only.


General terms and definitions




A piece of information (e.g., name, email, status, age, address, course enrollment, level of education, nationality) about an individual.

CMP Admin

A person responsible for administration of the CMP itself (as opposed to access management to the CMP).

CO Identity

The collection of electronic information about an individual as applicable to their participation in the CMP. This information may be informed by data coming in from the initial IdP for the user, but will be editable/applicable only within the CMP setting. See also: Home institution identity

CO Registry

An identity registry of participants associated with a CO. The CO Registry is middleware that operates to support the CMP.

Collaboration Management Platform (CMP)

A unified collection of services and middleware that is intended to hide the complexities of inter-organizational collaboration, enabling Scientists, Researchers, Educators and any one else needing to work together to concentrate on their work instead of being frustrated by technological limitations. Services may include messaging (email, calendaring and scheduling, and contacts), team collaboration (file synchronization, ideas and notes in a wiki, task management, full-text search), real-time collaboration and communication (e.g., presence, instant messaging, Web conferencing, application / desktop sharing, voice, audio and video conferencing), and Social Computing tools (e.g., blog, wiki, tagging, RSS, shared bookmarks).

Collaborative Organization (CO)

A collection of people collaborating together. This may be on a department level, an institutional level, an interinstitutional level, or any combination there of. Virtual organizations (see below) are one possible form of Collaborative Organization. A CO provides the essential IT infrastructure supporting collaborations between people so that the traditional limitations of localized applications may be overcome.

Collaborative Organization Unit (COU)

The COU is an optional construct to allow you to define a hierarchy within a CO. (e.g. a self-contained collection or department within a CO; a collection of privileges within a CO)


A person, usually a staff person or a research associate, who is responsible for access management to the CMP. Tasks may include adding people to email lists, granting them wiki access controls, removing permissions, etc.

Delegated enrollment

When an account is created for an individual in a CMP, either by an administrator or other authorized person.

Delegated invitation

When an individual is invited (with option to decline) in to a CMP.


Removing access from an individual, either by deleting the account or changing their authorization information for a given service or application.

Domesticated Application

An application that works well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization.


The process of inviting, adding to groups, establishing authorizations in the CO. (see CMP Enrollment)


In the COmanage context a collection of people where the workflow for onboarding/offboarding membership is relatively simple as compared to the workflows for a CO or COU

Identity Information Discovery

The process of collecting identity information about a participant in a CO from the participant's home institution and/or by collecting self asserted data from the participant. This process follows Invitation or Self Registration.

Identity Provider

An authoritative source of attributes for an individual.


The attribute flow from the identity provider in to the CMP.

Intake and enrollment process

The automatic enrollment of individuals in to a CMP as a result of input from the participating institutions' central IdM systems via federated tools such as Shibboleth or protocols such as OAuth.




The process of inviting a new person to the CO by an existing participant.

Home Institution Identity

The electronic identity stored at the identity provider, shared out per that institution's policies. Any changes that a member of the CO wishes to make to this information must be done at the home institution - the CMP will be unlikely to have authorization to make those changes for the user.

Organizational Identity

An identity that is somewhat vetted, probably from a education or research institution, as contrasted with a Social Identity


A set of data that follows you through the enrollment process.


Providing access to an individual user, either by creating an account or changing their authorization information for a given service or application.

Registry Admin

A person responsible for the administration of the CO Registry.


A specific function which implies a level of access rights to a service or set of services.

Self Registration

The process of a person becoming a new participant in a CO without being invited by an existing participant.

Social Identity

(definition in progress) An identity that is not vetted but is in popular use. For example: Google accounts, Facebook Connect, Twitter

Virtual Organization (VO)

A VO is a collection of individuals or institutions that is focused around a particular domain science and usually uses significant resources (computers, storage, networks, etc.) beyond collaboration tools. Often, these additional resources have substantial authorization requirements, stemming from federal guidelines, audit standards, etc.


For other useful terms and definitions, see the OSS IdM Functional Areas document *being produced by the FIFER-API group and the Grouper Glossary

  • No labels